Block Torrent applications from AD group policy

Hi,
is it possible to block all kinds of torrent applications from AD group policy for all users, so they cannot open the application itself from their system if they have installed it already?
dhanush_support Asked:
 
Giovanni Heward Commented:
Using a firewall to block torrent communications is a challenge, as the torrent protocol was designed to circumvent them. There is plenty of discussion elsewhere outlining the difficulties of such an approach. Don't get me wrong, there is absolutely nothing wrong with defense in depth, you simply cannot rely on a traditional firewall approach alone. If you really want to effectively approach this you'll need deep packet inspection extrusion prevention combined with a TLS/SSL man-in-the-middle proxy.

That being said, (depending on your environment) it may be easier to block all applications and whitelist those approved by management. This of course could be circumvented as well in numerous ways. (Think cloud-based apps, unauthorized VMs/equipment not on the domain, multiple OSes (one or more not on the domain) installed, smart devices, tunneling/remoting into an offsite PC, etc.)

So again, defense in depth is key. Make sure you have a proper acceptable use policy that transfers legal risk to the end user should they violate it, restrict DNS resolution (OpenDNS), use a TLS/SSL application proxy with packet inspection and extrusion prevention (which can proactively terminate connections), block torrent trackers by IP, blacklist known torrent applications, throttle connections to minimize impact on your network, etc.

At the end of the day the ideal approach is to present all these solutions to your management and have them decide which ones to implement after you've explained the pros and cons of each.
 
Giovanni Heward Commented:
You can blacklist via GPO, see http://support.microsoft.com/default.aspx?scid=kb;en-us;323525

You can also look into restricting DNS to a provider (such as OpenDNS) that allows category based blocking.
 
Emmanuel Adebayo (Global Windows Infrastructure Engineer - Consultant) Commented:
 
ibrahim52 (Team Leader) Commented:
I would suggest you go for a cheap firewall which supports HTTPS blocking to resolve your problem. I have tried a lot of GPs but they never worked, because there are plenty of applications that support the .torrent extension; in fact there are browser-based torrent servers which don't require installation at all and work as a localhost server.

Think about a situation where you have to give full privilege to a domain user by putting them into the ADMINISTRATOR group. What would you do at that time to prevent this issue?

Simply host a PC-based firewall, or ask your organization to spend some bucks and get a proper firewall to administer, which can also keep your internet SECURE.
 
Mohammed Khawaja (Manager - Infrastructure: Information Technology) Commented:
GP will work if you are using Windows firewall on client PCs, where you could block based on the application (file path) as well as based on ports. A firewall such as Sonicwall or Cisco could also help by blocking torrent ports.
Question has a verified solution.
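
The Windows Firewall approach from Mohammed Khawaja's comment (block by file path and by port, delivered through Group Policy), sketched as an added example that is not code from any participant in this thread. The domain, GPO name, OU and program paths are placeholders and assumptions to replace with values from your own software inventory.

```powershell
#Requires -Modules NetSecurity, GroupPolicy
# Added example: writes outbound block rules into a GPO's firewall policy store.
# All names below are assumptions, not values taken from the thread.
$Domain   = 'corp.example'                        # placeholder AD domain (FQDN)
$GpoName  = 'Block-Torrent-Clients'               # hypothetical GPO name
$TargetOu = 'OU=Workstations,DC=corp,DC=example'  # placeholder OU to link to
$Group    = 'Torrent client block'                # rule group, used for cleanup

# Machine-wide install paths to block (assumed examples; Windows Firewall
# expands system variables such as %ProgramFiles% in rule paths).
$ProgramPaths = @(
    '%ProgramFiles%\qBittorrent\qbittorrent.exe',
    '%ProgramFiles%\Transmission\transmission-qt.exe'
)

# Create the GPO on first run so the policy store exists.
if (-not (Get-GPO -Name $GpoName -Domain $Domain -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName -Domain $Domain | Out-Null
}

# Edit the GPO in a cached session so all rules are written in one save.
$session = Open-NetGPO -PolicyStore "$Domain\$GpoName"

# Idempotency: drop rules from a previous run of this script.
Remove-NetFirewallRule -GPOSession $session -Group $Group -ErrorAction SilentlyContinue

# One outbound block rule per executable path (the "file path" option).
foreach ($path in $ProgramPaths) {
    $leaf = Split-Path -Path $path -Leaf
    New-NetFirewallRule -GPOSession $session -Group $Group `
        -DisplayName "Block outbound: $leaf" `
        -Direction Outbound -Program $path -Action Block -Profile Any | Out-Null
}

# Port rule (the "ports" option): 6881-6889 is only the traditional BitTorrent
# default range; clients can be configured to use any port.
New-NetFirewallRule -GPOSession $session -Group $Group `
    -DisplayName 'Block outbound: TCP 6881-6889' `
    -Direction Outbound -Protocol TCP -RemotePort '6881-6889' `
    -Action Block -Profile Any | Out-Null

# Commit the cached rules to the GPO, then link it if not already linked.
Save-NetGPO -GPOSession $session
New-GPLink -Name $GpoName -Domain $Domain -Target $TargetOu -ErrorAction SilentlyContinue | Out-Null

# Review what was written to the GPO.
Get-NetFirewallRule -PolicyStore "$Domain\$GpoName" -Group $Group |
    Select-Object DisplayName, Direction, Action, Enabled
```

A path rule matches only the exact path listed, so a per-user, portable or renamed client is not covered, which is the limitation ibrahim52 describes and the reason the thread recommends layering this with network-level controls.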
